With the Playstation Network outage now going into it’s fifth day, with no estimate as to when it might be back up (according to this morning’s Playstation blog post), there are a number of questions that are raised by the incident that should be of interest not only to users of the network, but to anyone who uses web based services.
At this point, Sony has provided only two solid pieces of information: that it was a network intrusion, and that they are in the process of rebuilding their system. This raises some important questions:
What actually happened?
One common way that networks are brought down is through a DDOS – or “Distributed Denial of Service Attack”. This happens when a hacker (or network of hackers) uses large numbers of zombie computers (that’s your computer if it gets the right kind of virus or trojan on it) to overwhelm a network with traffic, preventing legitimate users from getting in. But it sounds like this was not what happened with the Playstation Network. So what are some common possibilities?
- The intrusion was detected early and the network brought down to block further access. If someone gets into your network and you aren’t sure what they have access to, the only sure way to prevent further access is to disconnect your network. Then you can search through system logs and try to find out what they have done and make sure they can’t do it again.
- The intrusion exposed a fundemental security flaw in the network design. In this case a prolonged outage is very possible. It takes skilled engineers to rework the security of a system – especially if it involves modifying the actual software of the system. Worst yet, due to employee turnover it’s quite possible that the original designers of the software or network security are no longer around, so it takes time for new people to understand the current system before they start modifying it.
- The intrusion caused actual damage. The Playstation Network, like any network, is made up of a number of individual server computers. If someone obtained direct administrative (root) access to those servers, they could have done all kinds of nasty things, up and to including reformatting the hard drives. In this case Sony would have to restore servers from previous backups (assuming the intruder wasn’t able to delete those as well). This kind of restoration is a very time consuming process.
What information did they intruder obtain?
The Playstation network holds all sorts of personal information, ranging from credit card account numbers, to Netflix logons. Was the intruder able to access any of this personal information? If so, Sony should be forthcoming as soon as possible so that members can take appropriate precautions. If not, Sony should reassure members that at least that part of their network was secure. The silence on this matter suggests that either Sony has not considered this issue (being focused on bringing the network back up as soon as possible), or they are reluctant to tell us, or scariest of all – that they don’t know.
Why is the Playstation Network a single point of failure for other services?
Not being able to play games for a few days may be frustrating, but it’s not the end of the world. But what about other services? Why does the Netflix app, for example, require login to the Playstation Network? Why could it not have an alternate mechanism to use one’s Netflix login directly? (Update: There is a workaround to view Netflix videos on PS3 while the Playstation Network is down).
The least important question to ask is: who did it? That is a question for the FBI, and has little direct impact on network users.
The limited information and lack of transparency by Sony to date is less than reassuring and only leads to speculation and rumors. My goal here has been not to speculate, but rather to educate – to help you understand some of the likely possibilities of what happened, and to make sure that the right questions are being asked.